What’s the difference between pharming and phishing?

Both attacks are attempts to get your user names and passwords, but they are quite different. Phishing attacks usually will involve an email that appears to be from a company with which you do business prompting you to take action and log in to your account with the link provided in the email. The Web site you visit is not the real site but a cleverly designed imposter site that may seem real to you, so you will enter your username and password, which is then captured by the attacker.

Pharming is different in that it can happen when you are going to a legitimate Web site, even when you have typed the URL of the Web site yourself. In a pharming attack, the criminal “hijacks” the intended site’s DNS (domain name system) server. The result is that you are redirected an imposter site that looks like your intended site. Many won’t notice any difference, will enter their username and password as usual, and the attacker captures it.

See: How does phishing work?